Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s)

Risk:
Low

Type:
Passive

CWE:
CWE-200

Summary: The web/application server is leaking information via one or more “X-Powered-By” HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.

Solution: Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.

References

https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework

https://www.troyhunt.com/2012/02/shhh-dont-let-your-response-headers.html

Free security scan for your website

Don't show website scan report rating on the leaderboard